CVEs classified under CWE-254, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2016-5788 — CVSS 10.0 (critical): General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it…
CVE-2015-3972 — CVSS 10.0 (critical): The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it…
CVE-2015-1158 — CVSS 10.0 (critical): The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value…
CVE-2019-15149 — CVSS 9.8 (critical): core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is…
CVE-2017-8227 — CVSS 9.8 (critical): Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are…
CVE-2016-9568 — CVSS 9.8 (critical): A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
CVE-2011-4889 — CVSS 9.8 (critical): The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before…
CVE-2016-0332 — CVSS 9.8 (critical): IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed…
CVE-2014-5334 — CVSS 9.8 (critical): FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
CVE-2015-9065 — CVSS 9.8 (critical): In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access…
CVE-2016-10321 — CVSS 9.8 (critical): web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform…
CVE-2016-7630 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows…
CVE-2016-10178 — CVSS 9.8 (critical): An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2015-8857 — CVSS 9.8 (critical): The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which…
CVE-2016-8398 — CVSS 9.8 (critical): Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product…
CVE-2016-9865 — CVSS 9.8 (critical): An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by…
CVE-2016-6629 — CVSS 9.8 (critical): An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain…
CVE-2016-6957 — CVSS 9.8 (critical): Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC…
CVE-2016-6493 — CVSS 9.8 (critical): Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified…
CVE-2016-4215 — CVSS 9.8 (critical): Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC…
CVE-2015-8804 — CVSS 9.8 (critical): x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation…
CVE-2015-8803 — CVSS 9.8 (critical): The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its…
CVE-2015-8286 — CVSS 9.8 (critical): Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP…
CVE-2016-1896 — CVSS 9.8 (critical): Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before…
CVE-2015-7554 — CVSS 9.8 (critical): The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or…
CVE-2016-2296 — CVSS 9.4 (critical): Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows…
CVE-2015-4516 — CVSS 9.3 (critical): Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable…
CVE-2015-3693 — CVSS 9.3 (critical): Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which…
CVE-2008-1195 — CVSS 9.3 (critical): Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and…
CVE-2016-6582 — CVSS 9.1 (critical): The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging…
CVE-2016-5763 — CVSS 9.1 (critical): Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance…
CVE-2015-8914 — CVSS 9.1 (critical): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended…
CVE-2016-9470 — CVSS 9.0 (critical): Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new…
CVE-2014-3150 — CVSS 8.8 (high): Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive…
CVE-2015-7843 — CVSS 8.8 (high): The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software…
CVE-2016-5196 — CVSS 8.8 (high): The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst…
CVE-2016-9028 — CVSS 8.8 (high): Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote…
CVE-2016-4475 — CVSS 8.8 (high): The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users…
CVE-2016-5145 — CVSS 8.8 (high): Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation…
CVE-2016-5132 — CVSS 8.8 (high): The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during…
CVE-2016-5128 — CVSS 8.8 (high): objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a…
CVE-2016-2831 — CVSS 8.8 (high): Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings…
CVE-2016-1696 — CVSS 8.8 (high): The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to…
CVE-2016-1672 — CVSS 8.8 (high): The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before…
CVE-2015-7330 — CVSS 8.8 (high): Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet…
CVE-2015-1142857 — CVSS 8.6 (high): On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes…
CVE-2016-6597 — CVSS 8.6 (high): Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary…
CVE-2016-6340 — CVSS 8.4 (high): The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for…
CVE-2016-3353 — CVSS 8.3 (high): Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended…